perf: 证书支持旧版RSA,pkcs1

pull/189/head
xiaojunnuo 2024-09-23 14:32:57 +08:00
parent f9ff9191a1
commit 3d9c3ecb3e
5 changed files with 29 additions and 12 deletions


@ -67,11 +67,11 @@ function getKeyInfo(keyPem) {
* ``` * ```
*/ */
async function createPrivateRsaKey(modulusLength = 2048) { async function createPrivateRsaKey(modulusLength = 2048, encodingType = 'pkcs8') {
const pair = await generateKeyPair('rsa', { const pair = await generateKeyPair('rsa', {
modulusLength, modulusLength,
privateKeyEncoding: { privateKeyEncoding: {
type: 'pkcs8', type: encodingType,
format: 'pem', format: 'pem',
}, },
}); });
@ -106,11 +106,11 @@ exports.createPrivateKey = createPrivateRsaKey;
* ``` * ```
*/ */
exports.createPrivateEcdsaKey = async (namedCurve = 'P-256') => { exports.createPrivateEcdsaKey = async (namedCurve = 'P-256', encodingType = 'pkcs8') => {
const pair = await generateKeyPair('ec', { const pair = await generateKeyPair('ec', {
namedCurve, namedCurve,
privateKeyEncoding: { privateKeyEncoding: {
type: 'pkcs8', type: encodingType,
format: 'pem', format: 'pem',
}, },
}); });
@ -201,6 +201,9 @@ async function getWebCryptoKeyPair(keyPem) {
} }
/* Decode PEM and import into CryptoKeyPair */ /* Decode PEM and import into CryptoKeyPair */
if (encodingType === 'pkcs1') {
encodingType = 'pkcs8';
}
const privateKeyDec = x509.PemConverter.decodeFirst(keyPem.toString()); const privateKeyDec = x509.PemConverter.decodeFirst(keyPem.toString());
const privateKey = await crypto.webcrypto.subtle.importKey('pkcs8', privateKeyDec, sigalg, true, ['sign']); const privateKey = await crypto.webcrypto.subtle.importKey('pkcs8', privateKeyDec, sigalg, true, ['sign']);
const publicKey = await crypto.webcrypto.subtle.importKey('jwk', jwk, sigalg, true, ['verify']); const publicKey = await crypto.webcrypto.subtle.importKey('jwk', jwk, sigalg, true, ['verify']);
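Review bot: The pkcs1→pkcs8 rewrite of `encodingType` added before the PEM decode has no effect on the import that follows: `importKey` still receives the literal 'pkcs8', and when the caller supplied a PKCS#1 PEM the decoded bytes are still a bare RSAPrivateKey rather than the PrivateKeyInfo wrapper WebCrypto expects, so the import fails for exactly the keys this commit sets out to support (the caller in AcmeService routes pkcs1 to the forge path instead, which masks this). Normalising through Node's key object removes the dependency on the input encoding entirely, `const privateKeyDec = crypto.createPrivateKey(keyPem).export({ type: 'pkcs8', format: 'der' });`, after which the three added lines can be dropped. Where `encodingType` is declared is outside the hunk, as is the rest of getWebCryptoKeyPair, so this assumes it is a local of that function and not something the caller controls. The new `encodingType` parameter on createPrivateRsaKey and createPrivateEcdsaKey is also missing from the JSDoc above each, and for EC keys Node accepts only 'pkcs8' or 'sec1' there, so passing 'pkcs1' to the EC variant throws inside generateKeyPair.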


@ -32,7 +32,7 @@ exports.directory = {
*/ */
exports.crypto = require('./crypto'); exports.crypto = require('./crypto');
// exports.forge = require('./crypto/forge'); exports.forge = require('./crypto/forge');
/** /**
* Axios * Axios
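Review bot: Re-enabling `exports.forge` without a comment leaves no record of why a second, node-forge based implementation now ships next to `exports.crypto`; from the other files in this commit it is reached only for PKCS#1 private keys. A one-line comment such as `// legacy node-forge implementation, kept only for PKCS#1 (pkcs1) private keys; prefer ./crypto` would tell the next maintainer that it is not a general alternative to ./crypto and can go once that path is dropped.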


@ -155,16 +155,16 @@ export interface EcdsaPublicJwk {
} }
export interface CryptoInterface { export interface CryptoInterface {
createPrivateKey(keySize?: number): Promise<PrivateKeyBuffer>; createPrivateKey(keySize?: number,encodingType?:string): Promise<PrivateKeyBuffer>;
createPrivateRsaKey(keySize?: number): Promise<PrivateKeyBuffer>; createPrivateRsaKey(keySize?: number,encodingType?:string): Promise<PrivateKeyBuffer>;
createPrivateEcdsaKey(namedCurve?: 'P-256' | 'P-384' | 'P-521'): Promise<PrivateKeyBuffer>; createPrivateEcdsaKey(namedCurve?: 'P-256' | 'P-384' | 'P-521',encodingType?:string): Promise<PrivateKeyBuffer>;
getPublicKey(keyPem: PrivateKeyBuffer | PrivateKeyString | PublicKeyBuffer | PublicKeyString): PublicKeyBuffer; getPublicKey(keyPem: PrivateKeyBuffer | PrivateKeyString | PublicKeyBuffer | PublicKeyString): PublicKeyBuffer;
getJwk(keyPem: PrivateKeyBuffer | PrivateKeyString | PublicKeyBuffer | PublicKeyString): RsaPublicJwk | EcdsaPublicJwk; getJwk(keyPem: PrivateKeyBuffer | PrivateKeyString | PublicKeyBuffer | PublicKeyString): RsaPublicJwk | EcdsaPublicJwk;
splitPemChain(chainPem: CertificateBuffer | CertificateString): string[]; splitPemChain(chainPem: CertificateBuffer | CertificateString): string[];
getPemBodyAsB64u(pem: CertificateBuffer | CertificateString): string; getPemBodyAsB64u(pem: CertificateBuffer | CertificateString): string;
readCsrDomains(csrPem: CsrBuffer | CsrString): CertificateDomains; readCsrDomains(csrPem: CsrBuffer | CsrString): CertificateDomains;
readCertificateInfo(certPem: CertificateBuffer | CertificateString): CertificateInfo; readCertificateInfo(certPem: CertificateBuffer | CertificateString): CertificateInfo;
createCsr(data: CsrOptions, keyPem?: PrivateKeyBuffer | PrivateKeyString): Promise<[PrivateKeyBuffer, CsrBuffer]>; createCsr(data: CsrOptions, keyPem?: PrivateKeyBuffer | PrivateKeyString,encodingType?:string): Promise<[PrivateKeyBuffer, CsrBuffer]>;
createAlpnCertificate(authz: Authorization, keyAuthorization: string, keyPem?: PrivateKeyBuffer | PrivateKeyString): Promise<[PrivateKeyBuffer, CertificateBuffer]>; createAlpnCertificate(authz: Authorization, keyAuthorization: string, keyPem?: PrivateKeyBuffer | PrivateKeyString): Promise<[PrivateKeyBuffer, CertificateBuffer]>;
isAlpnCertificateAuthorizationValid(certPem: CertificateBuffer | CertificateString, keyAuthorization: string): boolean; isAlpnCertificateAuthorizationValid(certPem: CertificateBuffer | CertificateString, keyAuthorization: string): boolean;
} }
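Review bot: `encodingType?:string` on the four changed signatures accepts any string, although the implementations hand it straight to Node's `privateKeyEncoding.type`, which only takes 'pkcs8' or 'pkcs1' for RSA and 'pkcs8' or 'sec1' for EC; a literal union lets the compiler reject the impossible combinations, e.g. `createPrivateRsaKey(keySize?: number, encodingType?: 'pkcs8' | 'pkcs1'): Promise<PrivateKeyBuffer>;` and `createPrivateEcdsaKey(namedCurve?: 'P-256' | 'P-384' | 'P-521', encodingType?: 'pkcs8' | 'sec1'): Promise<PrivateKeyBuffer>;`. The added parameters also drop the space after the comma that every other signature in the interface uses. `createCsr` gains an `encodingType` parameter here, but the only call site this commit touches (AcmeService) never passes it and switches to `acme.forge.createCsr` for pkcs1 instead, so either the parameter is unused or its implementation lies outside this diff.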


@ -244,13 +244,25 @@ export class AcmeService {
if (privateKeyArr.length > 1) { if (privateKeyArr.length > 1) {
size = parseInt(privateKeyArr[1]); size = parseInt(privateKeyArr[1]);
} }
let encodingType = "pkcs8";
if (privateKeyArr.length > 2) {
encodingType = privateKeyArr[2];
}
if (type == "ec") { if (type == "ec") {
const name: any = "P-" + size; const name: any = "P-" + size;
privateKey = await acme.crypto.createPrivateEcdsaKey(name); privateKey = await acme.crypto.createPrivateEcdsaKey(name, encodingType);
} else { } else {
privateKey = await acme.crypto.createPrivateRsaKey(size); privateKey = await acme.crypto.createPrivateRsaKey(size, encodingType);
} }
const [key, csr] = await acme.crypto.createCsr(
let createCsr: any = acme.crypto.createCsr;
if (encodingType === "pkcs1") {
//兼容老版本
createCsr = acme.forge.createCsr;
}
const [key, csr] = await createCsr(
{ {
commonName, commonName,
...csrInfo, ...csrInfo,
@ -258,6 +270,7 @@ export class AcmeService {
}, },
privateKey privateKey
); );
if (dnsProvider == null) { if (dnsProvider == null) {
throw new Error("dnsProvider 不能为空"); throw new Error("dnsProvider 不能为空");
} }
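Review bot: `encodingType` is taken from `privateKeyArr[2]` without validation, so any third segment other than "pkcs1"/"pkcs8" travels into generateKeyPair and surfaces as a Node-internal error rather than a message naming the configuration value, and an "ec_…_pkcs1" combination throws for the same reason since Node offers no pkcs1 encoding for EC keys. The `let createCsr: any` reassignment discards the CryptoInterface typing for the rest of the method; choosing the implementation with a typed conditional keeps the declaration immutable and makes the legacy branch self-describing. The enclosing method starts and ends outside the hunk. The sketch below validates the segment once and picks the CSR function in one expression.

```typescript
let encodingType: "pkcs8" | "pkcs1" = "pkcs8";
if (privateKeyArr.length > 2) {
  const requested = privateKeyArr[2];
  if (requested !== "pkcs8" && requested !== "pkcs1") {
    throw new Error(`unsupported private key encoding: ${requested}`);
  }
  encodingType = requested;
}
// … unchanged: key generation for ec / rsa …
// PKCS#1 keys are only understood by the legacy node-forge CSR path
const createCsr = encodingType === "pkcs1" ? acme.forge.createCsr : acme.crypto.createCsr;
// … unchanged: createCsr call and dnsProvider check …
```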


@ -74,6 +74,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
{ value: "rsa_2048", label: "RSA 2048" }, { value: "rsa_2048", label: "RSA 2048" },
{ value: "rsa_3072", label: "RSA 3072" }, { value: "rsa_3072", label: "RSA 3072" },
{ value: "rsa_4096", label: "RSA 4096" }, { value: "rsa_4096", label: "RSA 4096" },
{ value: "rsa_2048_pkcs1", label: "RSA 2048 pkcs1 (旧版)" },
{ value: "ec_256", label: "EC 256" }, { value: "ec_256", label: "EC 256" },
{ value: "ec_384", label: "EC 384" }, { value: "ec_384", label: "EC 384" },
// { value: "ec_521", label: "EC 521" }, // { value: "ec_521", label: "EC 521" },
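Review bot: The new option's `value` is parsed positionally elsewhere in this commit (AcmeService splits it into type, size and encoding), but nothing in this list documents that contract, so the next entry added here could silently break the parser. A comment above the options such as `// value format: <type>_<size>[_<encoding>], e.g. rsa_2048_pkcs1; parsed in AcmeService` would pin it, and it is worth stating that the pkcs1 variant is offered only for 2048-bit RSA by design rather than omission.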